Cryptocurrency-mining Windows malware has been found for the first time on a network of industrial control systems (ICS) at an operational treatment plant for a water utility. Radiflow, a security provider for critical infrastructure, made the discovery recently. Initial investigations suggest that the malware arrived via malicious advertising viewed in a web browser on a machine responsible for the ICS's Human Machine Interface (HMI). So really this story is about three problems.

Sierra Nevada Corporation (SNC) has announced that NASA has given its Authority to Proceed with the Dream Chaser spacecraft's first cargo mission to the International Space Station (ISS).

In a statement released on Feb. 7 2017, Fatih Ozmen, owner and CEO of SNC stated, "SNC has been successfully completing critical design milestones as approved by NASA, and having a timetable for the first launch is another important step achieved for us. The team has worked so hard to get to this point and we can't wait to fulfill this mission for NASA."

This latest announcement follows a successful free-flight test in January which satisfied yet another NASA milestone. The free-flight proved that the spacecraft would be capable of safely returning cargo to Earth utilizing a runway landing.

If it flies, the 2020 launch will be the first of six missions that NASA has contracted with SNC under the Commercial Resupply Services 2 (CRS-2) contract. Those contracts were awarded in January of 2016. SpaceX and Orbital-ATK, who were the only two companies awarded resupply services under the CRS-1 contracts, also saw their agreements with the space agency extended under CRS-2.

In what is believed to be the first gig economy case to be fully decided on the merits, Grubhub has beaten back a labor lawsuit filed by one of its former drivers.

In a court opinion released Thursday by US Magistrate Judge Jacqueline Scott Corley, "the Court finds that Grubhub has satisfied its burden of showing that Mr. Lawson was properly classified as an independent contractor."

Both sides had agreed that Judge Corley, rather than a jury, would decide the case in her San Francisco federal courtroom. She heard closing arguments in late October 2017.

[...] Part of what may have doomed Lawson's own case was that, in Judge Corley's estimation, in addition to working for other gig economy companies while simultaneously working for Grubhub, he was fundamentally "not credible."

[...] Lawson, by his own admission, "gamed the app" by scheduling himself for a work shift (a "block" in company parlance) but received few, if any, actual delivery orders by putting his phone in airplane mode, among other tactics.

"Mr. Lawson's claimed ignorance of his dishonest conduct is not credible," Judge Corley wrote. "Mr. Lawson would remember if after he filed this lawsuit against Grubhub he cheated Grubhub. If he had not moved his smart phone to airplane mode, intentionally toggled available late, or deliberately engaged in other conduct to get paid for doing nothing he would have denied doing so at trial. But he did not."

[...] Michael LeRoy, a professor of labor law at the University of Illinois at Urbana-Champaign, told Ars that the case has "limited precedential value."

"Going forward," he emailed, "lawyers who bring these types of lawsuits should have reservations about pushing too far or long with a plaintiff who can be shown to cheat and who gives sworn deposition or trial testimony that is not credible."

A former Apple intern has been blamed for a leak of iOS source code. The intern reportedly distributed it to five friends in the iOS jailbreaking community, and the code eventually spread out of this group:

According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak.

Japanese authorities said on Monday they would investigate all cryptocurrency exchanges in the country for security gaps and ordered Coincheck to raise its standards after hackers stole $530 million of digital money from the Tokyo-based exchange.

The theft - one of the world's biggest cyberheists - highlights the vulnerabilities in trading an asset that policymakers are struggling to regulate, as well as the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

The Financial Services Agency (FSA) on Monday ordered improvements to operations at Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen ($534 million) of NEM coins, among the most popular digital currencies in the world.

Coincheck said on Sunday it would repay about 90 percent, though it has yet to figure out how or when.

[...] Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 are still awaiting clearance. Coincheck's application was made in September.

VideoLAN has released version 3.0.0 of the VLC media player for Windows, Linux, BSD, Android, and macOS. The new version is billed as enabling hardware decoded playback of 4K, 8K, and 360-degree video (in a demonstration video, VLC 3.0.0 is shown playing 8K 48fps 360-degree video on a Samsung Galaxy S8).

The 3.0.x branch of VLC will be maintained as long-term support versions and will be the last releases on Windows XP (with significant limitations), Vista, macOS 10.7, 10.8 & 10.9, iOS 7 & 8, Android 2.x, 3.x, 4.0.x & 4.1.x, and the last to run on compilers before gcc 5.0 and clang 3.4, or equivalent.

From VLC Android developer Geoffrey Métais's blog post about the release, which discusses why Chromecast support took so long to add, as well as other missing features that have now been added to the Android version:


Chromecast support is everywhere and VLC took years to get it, right, but there are plenty of good reasons for it:

First of all, VideoLAN is a nonprofit organization and not a company. There are few developers paid for making VLC, most of them do it in their free time. That's how you get VLC for free and without any ads!

Also, VLC is 100% Open Source and Chromecast SDK isn't: We had to develop our very own Chromecast stack by ourselves. This is also why there are no voice actions for VLC (except with Android Auto), [and] we cannot use Google Play Services.

Furthermore, Chromecast is not designed to play local video files: When you watch a YouTube video, your phone is just a remote controller, nothing more. Chromecast streams the video from youtube.com. That's where it becomes complicated, Chromecast only supports very few codecs, let's say h264. Google ensures that your video is encoded in h264 format on youtube.com, so streaming is simple. With VLC, you have media of any format. So VLC has to be an http server like youtube.com, and provide the video in a Chromecast compatible format. And of course in real time, which is challenging on Android because phones are less powerful than computers.

At last, VLC was not designed to display a video on another screen. It took time to properly redesign VLC to nicely support it. The good news is we did not make a Chromecast specific support, it is generic renderers: in the next months we can add UPnP support for example, to cast on any UPnP box or TV!

Kashmir Hill and Surya Mattu, over at Gizmodo, write about wiring Kashmir's apartment with as many "smart" gadgets as possible and then observing the data flow. Some of the telemetry streams are not encrypted, some are. Both are observable by the companies they report to, but even those that are encrypted still tell the network in between a lot about the inhabitants of the house and their activities based on when they happen and their volume.

In December, I converted my one-bedroom apartment in San Francisco into a "smart home." I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid's toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

[...] What our experiment told us is that all the connected devices constantly phone home to their manufacturers. You won't be aware these conversations are happening unless you're technically savvy and monitoring your router like we did. And even if you are, because the conversations are usually encrypted, you won't be able to see what your belongings are saying. When you buy a smart device, it doesn't just belong to you; you share custody with the company that made it.

That's not just a privacy concern. It also means that those companies can change the product you bought after you buy it. So your smart speaker can suddenly become the hub of a social network, and your fancy smart scale can have one of its key features taken away in a firmware update.

Usability was another aspect. She had no less than 14 different "apps" on her smartphone as well as several voice activated devices that still had comprehension difficulties.

Police have arrested a man named Andy Mai in connection with a string of Venmo scams against LA-area resellers, according to Los Angeles County Superior Court records. Andy Mai faces six charges of grand theft, filed on January 25th. On Wednesday, Mai posted a $145,000 bond, pleading not guilty to all charges. He is next scheduled to appear in court on February 26th. Detectives on the case said the investigation was still ongoing, and declined to comment further.

In November, The Verge traced more than $125,000 in scams perpetrated under the name Andy Mai, exploiting a poorly understood feature of Venmo's payment system. Arranging to buy iPhones, cameras, and other big-ticket items on Venmo, the scammer would pay with fraudulent funds that disappeared from sellers' accounts after 24 hours. When Venmo reversed the charges, sellers were left with no money and no goods, often out tens of thousands of dollars. Venmo advises users never to purchase goods from strangers using Venmo, but few are aware of the restriction, which proved crucial to the scammer's success. In recent weeks, a number of the victims have received official notifications of court proceedings.

Venmo.com: "Venmo is a free digital wallet that lets you make and share payments with friends. You can easily split the bill, cab fare, or much more."

The notion of Apple's "walled garden" ecosystem of products precedes even the iPhone. For as long as the company has existed, Apple products have worked best with other Apple products and that's been that. But the new HomePod speaker, which is going on sale today, ratchets this commitment up another notch. If you thought you were locked inside the Apple ecosystem before, buying a HomePod is like adding an iron ball to those chains.

The HomePod costs $349. That's a high price for the vast majority of people, and it pretty much guarantees that you'll be using the HomePod as the primary listening device in your home. The HomePod has voice control for music playback, but you'll have to be tapping into Apple's own Apple Music, iTunes tracks, or iTunes Match to take full advantage of Siri. Alternatively, you can use AirPlay from an Apple device, which gets you access to services like Spotify but with drastically simplified play / pause voice control. In any and all cases, to get the most out of the HomePod, you absolutely must have a subscription to an Apple music service and an iOS device to set the speaker up.

[...] Apple's HomePod is, by all accounts, a superb speaker that sets a new benchmark for sound quality in its size and price class. But it is also brazenly hostile to any hardware or service not made by Apple. If you decide to buy one, do so with the full awareness of how deeply ensconced inside the Apple bubble you will be.

The successful launch of SpaceX's Falcon Heavy rocket is a game-changer that could actually save NASA and the future of space exploration. [...] Unfortunately, the traditionalists at NASA — and their beltway bandit allies — don't share this view and have feared this moment since the day the Falcon Heavy program was announced seven years ago.

The question to be answered in Washington now is why would Congress continue to spend billions of taxpayer dollars a year on a government-made rocket that is unnecessary and obsolete now that the private sector has shown they can do it for a fraction of the cost? [...] Once operational, SLS will cost NASA over $1 billion per launch. The Falcon Heavy, developed at zero cost to the taxpayer, would charge NASA approximately $100M per launch. In other words, NASA could buy 10 Falcon Heavy launches for the cost of one SLS launch — and invest the remainder in truly revolutionary and meaningful missions that advance science and exploration.

While SLS may be a "government-made rocket", the "beltway bandits", also known as Boeing, Lockheed Martin, Orbital ATK, and Aerojet Rocketdyne, are heavily involved in its development. The United Launch Alliance (Boeing + Lockheed Martin) have also shown that they can build their own expensive rocket: the Delta IV Heavy, which can carry less than half the payload to LEO of Falcon Heavy while costing over four times as much per launch.

NASA's marketing of how many elephants, locomotives and airplanes could be launched by various versions of SLS is a perfect example of the frivolity of developing, building and operating their own rocket. NASA advertises that it will be able to launch 12.5 elephants to LEO on Block I SLS, or 2.8 more elephants than the Falcon Heavy could launch. But if we are counting elephants — the planned Block II version of SLS could launch 30 elephants, while SpaceX's BFR could launch 34. Talk about significant.

NASA documents list 12 elephants for SLS Block 1 (70 metric tons), and 22 for SLS Block 2 (130 metric tons). The author might have lifted some numbers from a Business Insider article that (incorrectly) estimates that 12.5 elephants can be lifted by Falcon Heavy, while SLS Block 2 can lift 30 elephants, and 34 for BFR. Perhaps we are dealing with a mix of adult and juvenile elephants?

[Continues...]

Regarding the Falcon Heavy maiden flight, Lori Garver had this to say on Twitter about the Tesla dummy payload (which has attracted some criticism):

I was told by a SpaceX VP at the launch that they offered free launches to NASA, Air Force etc. but got no takers. A student developed experiment or early tech demo could have led to even more new knowledge from the mission. The Tesla gimmick was the backup.

However, the offer may have been informal, or made too close to the launch date. And Elon Musk himself guessed that the Falcon Heavy maiden launch had a 50% chance of succeeding.

While skeptical of Elon Musk's plans to get humans to Mars by 2024, she also says that NASA employees often dismissed the Falcon Heavy launch as "never going to happen".

Researchers from the University of Alicante's research group in applied electrochemistry and electrocatalysis have developed a stand-alone system for desalinating and treating water through electrodialysis. The system is directly powered by solar energy and can be applied in off-grid areas.

Designed only for desalinating water, this is a sustainable, eco-friendly technology, as its energy is supplied by solar photovoltaic panels in a CO2-free process, thus not contributing to climate change.

According to research group director Vicente Montiel, "the new system requires no batteries and has none of the economic and environmental costs involved in managing empty batteries. Furthermore, it can be adapted and applied for treating water of many different origins, such as seawater, wells containing brackish water, treatment plants, industrial processes, etc., which makes it particularly well-suited to remote, off-grid areas." In this sense, this equipment can be employed to obtain clean water for human consumption, irrigation, street cleaning and others, both when there is no energy grid available and after natural disasters, such as earthquakes, floods or fires.

Montiel also points out that "the technology we designed can be a potential solution to drought, just like osmosis plants."

The research group already has a pilot and demonstration plant able to generate a cubic metre of drinking water every day. They are looking for companies interested in the commercial exploitation of the technology through licence and/or technical cooperation agreements.

Russian security officials arrested a number of scientists working at a secret Russian nuclear weapons facility for allegedly using lab equipment to mine for cryptocurrencies, according to Russia's Interfax News Agency.

[The facility's computers are] supposed to be isolated; they are kept disconnected from the internet in order to prevent any outside intrusion or hacking efforts. That was violated by the engineers who decided to use the supercomputer rigs to mine for cryptocurrency.

Mining for cryptocurrency requires a considerable amount of processing power—something the average computer might struggle to provide but a supercomputer designed for work on nuclear weapons surely has the capacity for.

The story does not specify the cryptocurrency or cryptocurrencies the scientists were trying to mine, nor whether any mining was successful.

You don't read privacy policies. And of course, that's because they're not actually written for you, or any of the other billions of people who click to agree to their inscrutable legalese. Instead, like bad poetry and teenagers' diaries, those millions upon millions of words are produced for the benefit of their authors, not readers—the lawyers who wrote those get-out clauses to protect their Silicon Valley employers.

But one group of academics has proposed a way to make those virtually illegible privacy policies into the actual tool of consumer protection they pretend to be: an artificial intelligence that's fluent in fine print. Today, researchers at Switzerland's Federal Institute of Technology at Lausanne (EPFL), the University of Wisconsin and the University of Michigan announced the release of Polisis—short for "privacy policy analysis"—a new website and browser extension that uses their machine-learning-trained app to automatically read and make sense of any online service's privacy policy, so you don't have to.

Under pressure from the Pentagon to bring fresh ideas to the table, military satellite manufacturers are trying to build closer connections with startups and entrepreneurs that are fueling the space economy.

Lockheed Martin, the nation's largest military contractor, rolled out a new initiative this week to attract "aspiring space technologists." It has decided to publicly release the technical specifications of its satellite platforms in a bid to attract "companies aspiring to send innovative technologies to space," the company announced on Thursday.

"This is intended to help people connect to our buses," Lockheed Martin spokesman Mark Lewis told SpaceNews. "If developers know the specs in advance, that speeds up their development and integration time."

Lockheed only is interested in non-proprietary ideas and products. "We're pretty open to all types of technologies, ranging from helping first responders address crises faster, studying the environment, creating ultra-high-capacity communications links and adapting low-cost commercial technology to the punishing environments of space. We're open to any concept, and we'll look for the best matches for our customers."

The company has produced more than 800 satellites. Under the "open space" project, Lockheed will publish technical details of the payload accommodation for its LM 2100 satellite platform, LM 400 small satellite and two variants of its new LM 50 nanosat series.

I hope you haven't invested in too much popcorn for the Waymo and Uber saga. They settled with a $244 million payout to Waymo. Would have been interesting to see the whole thing play out. Though, I guess it's not terribly surprising, considering how many times I've gotten jury summons just to be told that I won't be needed. Horror of horrors, I actually had to drive to the courthouse once, before the parties settled.